CharterPad Widgets Security & Risk Analysis

wordpress.org/plugins/charterpad-widgets

CharterPad - The worldwide charter marketplace

0 active installs v1.0.5 PHP 5.4+ WP 3.4+ Updated Feb 2, 2022
availabilitycharterpadquotetrips-availabilitywidgets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is CharterPad Widgets Safe to Use in 2026?

Generally Safe

Score 85/100

CharterPad Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The charterpad-widgets plugin v1.0.5 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests are significant strengths. Furthermore, the lack of any recorded CVEs in its vulnerability history suggests a relatively stable and secure development past. However, there are areas for improvement and potential concern. The significant portion of improperly escaped output (37%) presents a risk of Cross-Site Scripting (XSS) vulnerabilities, which could be exploited if user-supplied data is not adequately sanitized before being displayed. Additionally, the complete absence of nonce and capability checks, particularly with the presence of shortcodes which can be triggered by users, indicates a potential for unauthorized actions or unintended behavior if these entry points are not properly secured. While the attack surface is small and appears to have no unprotected direct entry points according to the analysis, the lack of robust authorization checks on shortcodes is a notable weakness.

Key Concerns

  • Significant percentage of unescaped output
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

CharterPad Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CharterPad Widgets Release Timeline

v1.0.5Current
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

CharterPad Widgets Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
15 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

63% escaped24 total outputs
Attack Surface

CharterPad Widgets Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[cp-quote] charterpad-widgets.php:16
[cp-availability] charterpad-widgets.php:17
WordPress Hooks 4
actionadmin_menucharterpad-widgets.php:11
actionwp_headcharterpad-widgets.php:12
actionwp_footercharterpad-widgets.php:13
actionadmin_initcharterpad-widgets.php:98
Maintenance & Trust

CharterPad Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedFeb 2, 2022
PHP min version5.4
Downloads992

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

CharterPad Widgets Developer Profile

CharterPad

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CharterPad Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/charterpad-widgets/css/style.css/wp-content/plugins/charterpad-widgets/js/cp_widget_iframe.js
Script Paths
https://app.charterpad.com/widgets/js/app.js

HTML / DOM Fingerprints

CSS Classes
cpwidget5236_wrap
JS Globals
cpwidget5236_optionscpwidget5236_base_urlcpwidget5236_widgetsListcpwidget5236_styleSheetCdncpwidget5236_scriptCdn
Shortcode Output
[cp-quote][cp-availability]
FAQ

Frequently Asked Questions about CharterPad Widgets